Keep safe from cyber threats in the age of COVID-19

If it feels like you’re reading about a new cyber breach impacting a business every day… it’s because you probably are. Be it Business Email Compromise, Spearphishing, Vishing or any other form of cyber-related fraud, attacks are happening – and succeeding – everyday.

The numbers are staggering. A 2020 study by the Canadian Internet Registry Authority (CIRA) found that eight-in-10 Canadian organizations had faced at least one cyber attack in the year priorⁱ.

Cyber threats have been growing as our lives and businesses shift ever more online, and as bad actors see more success with methods like phishing, vishing and smishing, malware and ransomware. This has been especially true during COVID-19 when scammers and fraudsters have worked tirelessly to exploit consumer fears and dispersed workforces for their own personal gain.

In fact, the 2020 CIRA Cybersecurity Report notes that three in 10 Canadian organization say they had seen a spike in the volume of attacked during the pandemicⁱⁱ. And with the average cost of a data breach in Canada reaching a record $6.35 million, it’s time for businesses to take noteⁱⁱⁱ.

The days of the “hacker alone in a basement” are long over. Those with the technical skills to pose a threat to businesses and consumers alike are getting organized, and have created an entire economy around hacking. The “Dark Web” is filled with forums for bad actors that buy and sell technologies designed to attack businesses – and even have customer support processes in place to make sure their products work as advertised.

“It’s easier for the bad guys than ever before. There’s strong economic incentive, and much less risk,” says Peter Buckley, Head of Technology and Cyber Resilience, HSBC Bank Canada. “This is the age of Malware-as-a-Service, where advanced tools can be bought and sold for cheap and used to attack any organization.”

The two main approaches for hackers today when attacking organizations are social engineering tactics (like phishing, vishing and smishing) and malicious code attacks (like malware and ransomware). And while incidents involving the latter may dominate the news cycle, it’s the former that remains the biggest threat to organizations.

Recent estimates suggest that as much as 91% of all cyber attacks start with a phishing attack^iv, designed to steal credentials that can give a cybercriminal access to your network or, more frequently, information that can be used against you.

Sometimes this takes the form of a genuine-looking email and invoice from a “trusted vendor” that turns out to be a spoofed file directing funds to the wrong place. Other times it’s a link in an email that can send you to a phony webpage designed to have you enter sensitive username and password information that bad actors can then use to gain access to accounts like your bank account, work profile or network.

When it comes to cybersecurity, being safe is all about being proactive. Here are three ways you can increase your chances of staying a step ahead of cybercriminals.

1. Develop a plan and practice, practice, practice

Spend time with key personnel and peers and develop a comprehensive plan. Think about what data is most important to your organization, and what data would be most valuable to someone else. Review the protections you have in place and where there could be gaps.

Ensure you have a list of names and numbers of those you’d need to contact in the event of a data breach – and keep a paper copy handy in the event you’re locked out of your systems.

And test your plans. Hold tabletop exercises regularly (once per quarter) to test how you would respond in the event of a real situation. Test your team’s ability to identify phishing, vishing and smishing attempts. This can help prepare you for what you’ve planned for, and also help you uncover important considerations that you didn’t.

2. Keep any hardware and software connected to your network updated

New ways to attack well-known technology are being uncovered everyday. One of the simplest steps to keep your network safe is to ensure any device that can access it — from the servers in your data centre to the laptops and smartphones in the hands of everyone from CEO to customer service representative — are always updated with the latest security patches.

It only takes one weak point for hackers to get into a system, and from there they can cause considerable damage and expense. And if they’ve been successful in attacking once, they’re even more likely to try again and again and again.

3. Protect yourself with education, verification and speed

Companies face a balancing act of trying to grow their organization and protecting it.

Educating employees about what to look out for is the number one way to keep your organization protected from malicious attempts to access your data. Ensuring proper verification and authentication is being incorporated into all processes can provide an added safeguard to help keep your business safe.

Lastly, if it does appear you have fallen victim to a cyber attack – act quickly. Immediately notify your financial partners, the proper authorities and any other party that may be directly impacted by the incident – or that can potentially help to limit the impact of the attack.

When it comes to keeping your business safe from cyber threats, every second - and every effort - counts. More information on ways to minimize fraud and cyber threats, read Keep Safe from Cyber Threats in the Age of COVID-19.